CVE-2026-58056
RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...
EUVD-2026-39976
RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...
CVE-2026-58056 RustDesk - FileTransfer Session Authorization Scope Bypass
RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...
CVE-2026-58056
RustDesk is affected by a session-authorization scope bypass in FileTransfer sessions. The root cause is gating incoming control messages on per-capability flags rather than the session’s authorized connection type; a peer with only valid FileTransfer authorization can inject keyboard/mouse input...
PT-2026-53088
Name of the Vulnerable Software and Affected Versions: RustDesk, affected versions not specified. Description: An issue exists where incoming control messages are gated based on per-capability flags instead of the session's authorized connection type. Because a file-transfer session fails to clear...
net/textproto: golang: Golang net/textproto: Misleading error messages via input injection
A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead...
Moderate: Red Hat Security Advisory: golang security, bug fix, and enhancement update
An update for golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: Red Hat Security Advisory: golang security, bug fix, and enhancement update
An update for golang is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
SUSE CVE-2026-54057
Kitty is a cross-platform GPU-based terminal. In versions prior to 0.47.3, kitty's OSC 21 color-control query reply reflects attacker-controlled bytes, including newlines, into the shell's input without sanitization. Version 0.47.3 fixes the issue...
CVE-2026-49196
The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands...
PT-2026-42501
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frm add str POST parameter directly into an HTML form hidden input value attribute...
PT-2026-42647
Impact: Authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches: This issue has been patched in 17.4.0...
PT-2026-42492
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id POST parameter directly into an HTML form input value attribute and an...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Attribute View Name process. An attacker can execute arbitrary JavaScript code in the context of the Electron renderer process by injecting malicious input. Details: Cross-site scripting or XSS is a code...
Cross-site Scripting (XSS)
Overview: drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the jQuery integration for AJAX modal dialog boxes. An attacker can execute arbitrary scripts in t...
CVE-2026-34263
Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...
EUVD-2026-29449
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...
CVE-2025-40949
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...
HPE Aruba Networking Wireless Operating System Security Vulnerability
HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There is a security vulnerability in the HPE Aruba Networking Wireless Operating System. This vulnerability stems from the lack of sanitization of parameters passed to the...